Cybersecurity Jobs

Here’s a number that should not exist in 2026.

Roughly 750,000 cybersecurity jobs are unfilled in the United States right now. Globally, that number climbs to 4.8 million open positions, according to the 2024 ISC2 Cybersecurity Workforce Study. And the gap grew 19% in just one year.

Think about that for a second. One of the highest-paying, most in-demand fields in tech — and companies can’t hire fast enough. Meanwhile, thousands of career-switchers are trying to break into tech and getting told “there are no jobs.”

So what’s actually going on?

I spent the last few weeks reading the ISC2 workforce report, ISACA’s research, BLS projections, Robert Half data, and real job postings from Indeed, LinkedIn, and cybersecurity-specific job boards. I also talked to three cybersecurity hiring managers — two from large US enterprises, one from a mid-size European firm.

What I found was honestly surprising. The shortage is real. The salaries are climbing. But the reason these jobs sit empty has almost nothing to do with what most people assume.

Here’s the actual story.

The Real Numbers Behind the Cybersecurity Jobs Gap

Let me give you the data without the scary headlines.

  • US unfilled cybersecurity positions: approximately 700,000–750,000 as of 2026 (BCG, ISC2, CyberSeek)
  • Global unfilled cybersecurity positions: 4.8 million (ISC2 2024 Workforce Study)
  • Active global cybersecurity workforce: 5.5 million professionals — basically one empty chair for every filled one
  • Workforce needed to meet current demand: an 87% increase from where we are today (World Economic Forum)
  • BLS projected growth for information security analysts (2024–2034): 33% — roughly 6 times faster than the average for all US occupations
  • Salaries climbing at: 7–10% annually, according to KORE1’s 2026 staffing data

Put simply, cybersecurity is one of the clearest supply-and-demand stories in the entire tech job market. Demand is going straight up. Supply is moving at a crawl.

But this is where it gets interesting.

Why These Jobs Actually Sit Empty (It’s Not What You Think)

Most articles you’ll read blame the shortage on “not enough trained people.” That used to be true. But in 2026, that’s not the main story anymore.

The 2024 and 2025 ISC2 Workforce Studies found something that changed how the industry talks about this. For the first time ever, budget cuts and hiring freezes overtook “lack of qualified talent” as the top reason cybersecurity positions stay open. Let that sink in.

The jobs exist. The candidates are slowly growing. But companies are hitting a strange wall in the middle.

The Four Real Reasons Cybersecurity Jobs Sit Empty

Here are the four real reasons cybersecurity jobs sit empty in 2026:

Reason 1: Budget cuts after the 2023–2025 tech correction

Cybersecurity teams were hit hard during the tech industry’s post-pandemic correction. Companies froze hiring in 2023 and 2024. Even though threats kept climbing, many enterprises chose to run lean security teams rather than hire more people. That habit has stuck. ISC2 reports that 33% of organizations now say they simply don’t have the budget to staff their cybersecurity teams properly.

Reason 2: Companies only want “senior” candidates

Here’s the frustrating irony. Companies have entry-level jobs open. But the job descriptions often ask for 3 to 5 years of experience, plus multiple certifications, plus specific tool experience. This creates an artificial bottleneck. The candidates exist — but they don’t match the wishlist.

Hiring managers I spoke with openly admitted this. One said: “We need junior analysts, but nobody on the leadership team wants to sign off on training them up. So the req sits open for nine months.”

Reason 3: Skills mismatch in new areas

Even when companies do hire, the skills they actually need have changed fast. Cloud security, AI security, zero trust architecture, and security automation are all in demand. Traditional cybersecurity training hasn’t caught up yet. According to ISACA and ISC2, 90% of cybersecurity teams report skills gaps — not just people gaps.

Reason 4: Burnout is driving existing professionals out

Security teams are exhausted. 74% of cybersecurity professionals said in 2024 that the current threat landscape was the most challenging they’d seen in five years. Layoffs, hiring freezes, and constant pressure have pushed experienced people out of the field. Every time one leaves, another open position is created — and it’s harder to fill than the last one.

Why This Crisis Is Actually Good News If You’re Thinking About Breaking In

Cybersecurity career growth

Now here’s the part that matters for you.

If you’re someone considering a career switch into cybersecurity — or you’re in IT support, networking, helpdesk, or a non-tech role wondering whether this is worth it — the job gap is genuinely an opportunity.

Here’s why the timing is unusually good: Salaries are climbing 7–10% per year because companies are desperate. Even if you enter at the bottom, compensation growth is faster than almost any other field in tech.

Entry-level roles pay real money: A SOC Analyst Tier 1 role — the most common starting point — averages $90,462 in the US according to Glassdoor’s 2026 data. That’s a strong starting salary, especially for a field you can enter without a CS degree.

Certifications matter more than degrees: CompTIA Security+ alone can add $10,000–$15,000 to your starting salary and qualifies you for most entry-level SOC Analyst positions. For cleared government contractor roles, the premium jumps to $15,000–$30,000.

33% projected job growth through 2034: Means even as AI automates parts of the field, the overall demand for humans keeps rising. The US Bureau of Labor Statistics projects roughly 17,300 new openings per year just for information security analysts — one of the highest growth rates across all US occupations.

Companies are finally starting to drop the “5 years required” filter: Real-world hiring managers I spoke with in early 2026 said they are now far more open to candidates with Security+ plus a home lab, TryHackMe/Hack The Box experience, or an internship — rather than waiting forever for a perfect 5-year candidate who doesn’t exist.

What a Real Entry-Level Cybersecurity Role Looks Like in 2026

Let me tell you what getting in actually looks like — not the glamorous Hollywood version.

Most people break into cybersecurity through one of these four entry-level roles:

1. SOC Analyst Tier 1. This is the most common starting point. You monitor security alerts, investigate potential threats, and escalate real incidents. Average US salary: around $90,462 (Glassdoor 2026). Remote and hybrid roles are common.

2. GRC Analyst (Governance, Risk, and Compliance). You assess risks, check compliance with regulations like GDPR or HIPAA, and help companies pass audits. Average US entry salary: $80,000–$100,000. Great entry point for people with audit, finance, or legal backgrounds.

3. IT Security Specialist. You handle security-related IT work like access management, endpoint security, and security configuration. Average US salary: $75,000–$90,000. Often a smooth transition for people already in IT support.

4. Junior Penetration Tester. You test systems for weaknesses. This is harder to break into without some hands-on lab work (TryHackMe, Hack The Box) or offensive security certifications like eJPT or PenTest+. Average US salary: $80,000–$110,000.

Here’s a quick reference table of what cybersecurity actually pays, from entry to senior:

Role

 Entry-Level Salary (US)

Senior-Level Salary (US)

SOC Analyst

 $75K–$95K

$120K–$150K

GRC Analyst

 $80K–$100K

$130K–$170K

Cybersecurity Engineer

 $100K–$130K

$170K–$200K

Cloud Security Engineer

 $120K–$155K

$180K–$225K

Security Architect

 $140K–$170K

$190K–$250K+

CISO (Chief Info Sec Officer)

 Not typical entry

$220K–$420K+

Salaries outside the US also climb well. In the UK, entry-level SOC analyst roles pay £42,000–£55,000. In Germany, around €55,000–€70,000. In Canada, CAD 75,000–CAD 95,000. Remote US-company positions often pay significantly more — sometimes 40–60% above local market rates.

The Honest Path to Break Into Cybersecurity

I’m going to give you the real version of this, not the motivational-poster version.

Breaking into cybersecurity in 2026 takes 6 to 12 months of focused effort. Not a weekend. Not a free YouTube playlist. Structured, consistent work. That’s just the truth.

Here’s what the actual path looks like:

Foundation first (8–10 weeks): Before you touch security content, learn basic networking, operating systems (Windows and Linux), and how the internet actually works. CompTIA Network+ is the standard foundation. Skip this and security concepts will feel like nonsense.

Your first real security certification (6–8 weeks): CompTIA Security+ is the entry-level cybersecurity cert most employers recognize. It qualifies you for SOC Analyst roles, is required for US Department of Defense contractor positions, and costs around $425 to sit the exam. This is the most important single step in the entire journey.

Hands-on practice (ongoing): A cert alone won’t get you hired in 2026. You need to show you’ve actually done security work. Sign up for TryHackMe or Hack The Box, complete some real labs, and document everything on GitHub or LinkedIn. A home lab using free AWS tier or old hardware gives you something concrete to talk about in interviews.

Apply while “underqualified” (3–6 months): Same rule as every other tech career switch: if the job description is 60% a match, apply. Most people disqualify themselves by waiting until they match every bullet point. Hiring managers in 2026 are actively hiring candidates with Security+ plus a strong portfolio over candidates with exact resumes but nothing to show.

Survive the first 90 days on the job: Your first SOC Analyst shift will be overwhelming. That’s normal. Security environments use tools like Splunk, SIEM platforms, EDR solutions, and ticketing systems that nobody really learns outside the job. By month three, you’ll be fine.

Conclusion

Let me be clear-eyed about what’s happening.

The 750,000 empty US cybersecurity jobs (and 4.8 million globally) are real. But the reasons they stay empty are more about corporate budget politics than a genuine shortage of talented candidates. Companies want senior people for junior pay. Budget teams want to run lean. Old job descriptions don’t match the new skills needed. And good people are burning out.

If you’re thinking about entering cybersecurity, that’s not a reason to hesitate — it’s a reason to move. The gap isn’t closing. The salaries keep rising. Entry barriers are lower than they’ve been in a decade for people willing to put in the 6–12 months of real work.

The field is also one of the few tech areas AI is making safer, not more obsolete. Every new AI system creates a new attack surface. Every automated defense creates gaps that still need human judgment. The job isn’t going away — it’s getting more important.

If you’ve been sitting on this decision, 2026 is genuinely one of the better times to make the jump.

Sources & Further Reading

The data and salary benchmarks in this article are drawn from the following sources:

Cybersecurity workforce data is updated annually. Salary figures represent 2026 averages and are adjusted for geographic location, certifications, and prior IT experience as noted in the article.

If you’ve been thinking about breaking into cybersecurity but don’t know where to start, browse our training programs to find the path that fits your timeline, or book a free 1-on-1 consultation with our career advisors. We’ll help you figure out the exact next step for your background.